Security

last person joined: 30 minutes ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Authentication on Clearpass faild - Failed to classify request to service Error code 204

Jump to Best Answer
  • 1.  Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted May 06, 2013 09:17 AM

    Hi,

     

    I´ve set up clearpass in a test enviroment.

    We´ve a 650 Controller with firmware 6.2.0.3.

    CPPM  Version 6.0.2.24585.

     

    When I make an AAA test from the Controller:


    Capture.JPG

     

    My CPPM shows thin in AccessTracker:

     

     

     

    Capture1.JPG

     

    What is wrong?

     

    Maybe anybody have an idea.

     

    Thanks

     



  • 2.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted May 06, 2013 09:32 AM

    Your services probably have something specific that a test authentication does not.  If your service has aruba-essid-name as an attribute, for example, a test does not have an ssid, so it will not be categorized.  Look in the details of the input tab of the failed message and compare it to existing services to see what you are missing.

     

     



  • 3.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted May 06, 2013 09:47 AM

     

     

    I never seen this error but I am wondering if you have the ip source radius configured correctly on the controller .

     

    (controller) #show ip radius source-interface

    Global radius client source IP address = 10.10.10.1 ====> this should match the ip address you have configured in CCPM > Configuration > Network > Devices 

    This is local configuration to each controller

     



  • 4.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted May 06, 2013 10:05 AM

    Ok vfabian I checked it, there is the right ip address.


    the problem is still there.

     

    thanks



  • 5.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted May 06, 2013 10:12 AM

    Just as Colin stated your service is not being classified by CPPM.

     

    You need to check your settings in the service to catch your auth request otherwise CPPM will just send a reject no matter what. 



  • 6.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted May 06, 2013 10:16 AM

    Leon123,

     

    Let me be specific:  A service only classifies or handles an incoming authentication if the attributes of the incoming authentication contain elements in the service rules tab of that service:  In the service below, it is stipulating that the Aruba ESSID needs to be "Guest" for the incoming authentication.  I know for a fact that a test authentication does NOT have an SSID or WLAN component to it, so it will fail.  If you KNOW a service should be handing your test, take a look at the SERVICE TAB on the service and compare the INPUT tab of the failed authentication and make sure what the service requires is in the authentication.

    servicerule.png

     

    My test authentication below just like yours does NOT hsave an Aruba-Essid-Name radius attribute in the radius request so it would not be processed by that rule above.  That is because it is not a real client associated to a real wireless network.  You can remove the service rule that makes it too restrictive to your test authentication or you can create a new service that has the attributes of your test so that it gets classified:

     

    radiusrequest.png



  • 7.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted Apr 29, 2014 03:05 PM

    This 204 error occured for me when the source SSID name did not exactly match service rule value.  I learned that the value is case sensitive and must match source SSID name exactly.

     

    Once case was matched, users were authenticating successfully.



  • 8.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted Oct 06, 2014 05:47 AM
      |   view attached

    I Have the the same problems but i don not get radius input:

     

     



  • 9.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204

    Posted Oct 06, 2014 06:56 AM
    Is that a real authentication request or are you using the aaa test option?


  • 10.  RE: Authentication on Clearpass faild - Failed to classify request to service Error code 204
    Best Answer

    Posted Oct 06, 2014 02:04 PM
    It was a real client. Solved it to include pre Auth radius settings in the authentication configuration. But got some other issues posted in other treads